BREAKING NEWS: What the Internet’s Latest Security Flaw Means for Your Privacy
by James McNaueal – Intern at Response I.T.
Recent news of a flaw in the encryption software that provides secure communication over the Internet has shaken up the tech world and put many people in frenzy.
What is this massive security flaw?
It’s called the Heartbleed Bug.
Unlike the 17+ million viruses floating around the web, the Heartbleed Bug is not something that can be protected against, per say.
According to the informational website that provides information on the issue, “This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).”
In other words, for the past two years a flaw in internet security software has given hackers access to private information being transferred between users and hosts.
To better illustrate the issue, let’s use an analogy.
Think of the Internet like a postal service.
When you access the internet to log into Facebook, check your email, read the news, or do some online shopping, you are sending information to all of the websites you visit using a secure “postal service”. Now, typically this postal service requires authentication from the person/website receiving the information—similar to how one might sign off for a parcel in the mail. The Heartbleed Bug, however, allows a stranger to hijack the postal service and access the information being sent.
To make matters worse, not only do these hackers have access to information being sent, they can access all previous information that has been sent.
Imagine you and a friend are having a conversation and someone overhears it. Now imagine instead that someone shows up shortly after the fact, peeks into your brain, and hears the whole conversation start to finish without having been there in the first place.
That, in essence, is the danger of the Heartbleed Bug. If this sounds scary, that’s because it is.
Does this affect you?
Probably. Given that a recent Netcraft web survey of roughly 960 million websites showed that 66% were powered by technology built around SSL, there is a good chance your favourite social media sites, your company’s site, hobby sites, sites you install software from, and even sites run by the government might be using the vulnerable software.
So what can you do to protect your information?
At this point there isn’t much you can do other than play the waiting game and brush up on some good personal security habits!
Change your password now and on a regular basis
Keeping your passwords updated on a regular basis helps stump hackers who manage to get their hands on it. If you’re anything like me you probably have a hard time remembering passwords as it is, but fortunately there are tools out there that allow you to store them, like KeePass.
Make sure all of your passwords are unique
For the same reason it is a bad idea to use the same pin on your credit card and debit card, having different passwords for different accounts is the simplest way to protect your identity online. Should one of your accounts be compromised, you can rest (somewhat) assured your others will be safe.
(It is also a good idea to use passwords that are difficult to guess or decrypt. Strong passwords use a variety of lowercase and uppercase letters, numbers, and symbols and don’t spell out guessable words.
Be careful where you put your personal information
Play it safe: avoid using personal information, especially credit card information, on websites that are not secure. As a rule of thumb, this means sticking with names you know, and using services like PayPal to shop online so that your information remains secure.
Will the internet ever be safe again?
Fortunately, the flaw has been fixed and is already in deployment. Most major services are already incorporating the fix and updating their sites, but it will take a bit more time for the correction to reach all web hosts. In the meantime, follow the pointers listed above and wait for the storm to blow over. Watch for emails from your bank and other service providers informing you of the issue and what they have done to fix it. Do remember though, none of these agencies will ask you to click links and submit personally identifiable information.
IMPORTANT NOTE TO OUR CLIENTS: Keep in mind that if you are our customer and utilize SSL that you don’t need to worry as we utilize Private SSL which is not vulnerable to the Heartbleed bug.